After logging in to the system, open the ?g=Create&m=Doc&a=action&back_url or ?g=Create&m=Node&a=action&id=52&back_url page
and enter ="><script>alert(1);</script> after the back_url parameter. The following page pops up, proving that the system has XSS vulnerabilities.
Analysis of the code in /Public/Theme/Create/Default/Doc/Doc_index.php and /Public/Theme/Doc/Default/Login/Login_index.php
shows that the back_url parameter is not filtered, which results in the XSS vulnerability.
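
An added example, not the project's own code, showing the unfiltered pattern next to a hardened one. It assumes back_url is a return path echoed into an HTML attribute (the "> prefix in the test string suggests this); the function names and the hidden input field are hypothetical.

```php
<?php
declare(strict_types=1);

// Vulnerable pattern (assumed): the raw parameter lands inside value="...".
function render_back_url_unsafe(string $backUrl): string
{
    return '<input type="hidden" name="back_url" value="' . $backUrl . '">';
}

// Accept only same-site relative paths; anything else falls back to a default.
function normalize_back_url(string $backUrl, string $default = '/'): string
{
    // Reject empty values, control characters and backslashes.
    if ($backUrl === '' || preg_match('/[\x00-\x1F\x7F\\\\]/', $backUrl)) {
        return $default;
    }
    // Must start with a single "/" or with "?" (query on the current page);
    // "//host" and "scheme:" forms are refused.
    if (!preg_match('#^(/(?!/)|\?)#', $backUrl)) {
        return $default;
    }
    return $backUrl;
}

// Hardened: validate first, then encode for the HTML attribute context.
function render_back_url_safe(string $backUrl): string
{
    $clean = normalize_back_url($backUrl);
    return '<input type="hidden" name="back_url" value="'
        . htmlspecialchars($clean, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '">';
}

// Constructed sample inputs; the second is the test string from the report.
$samples = [
    '?g=Create&m=Doc&a=index',
    '"><script>alert(1);</script>',
    '//example.invalid/',
];
foreach ($samples as $s) {
    foreach (['render_back_url_unsafe', 'render_back_url_safe'] as $fn) {
        // Encoded again for display only, so the demo output is inert in a browser.
        echo $fn, ': ', htmlspecialchars($fn($s), ENT_QUOTES, 'UTF-8'), PHP_EOL;
    }
}
```

For the report's test string, the unsafe renderer closes the attribute and emits a script element, while the hardened renderer falls back to the default path "/".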